By default, netcat operates by initiating a TCP connection to a remote host.
The most basic syntax is:
netcat [options] host port
This will attempt to initiate a TCP connection to the defined host on the port number specified. This functions similarly to the old Linux telnet command. Keep in mind that your connection is entirely unencrypted.
If you would like to send a UDP packet instead of initiating a TCP connection, you can use the -u option:
netcat -u host port
You can specify a range of ports by placing a dash between the first and last:
netcat host startport-endport
This is generally used with some additional flags.
On most systems, we can use either netcat or nc interchangeably. They are aliases for the same command.
How To Use Netcat for Port Scanning
One of the most common uses for netcat is as a port scanner.
Although netcat is probably not the most sophisticated tool for the job (nmap is a better choice in most cases), it can perform simple port scans to identify open ports easily.
We do this by specifying a range of ports to scan, as we did above, along with the -z option, which makes netcat only check whether each port is listening, without sending any data, instead of opening an interactive connection.
For instance, we can scan all ports up to 1000 by issuing this command:
netcat -z -v domain.com 1-1000
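What a -z style check does at the socket level, put to use as an exposure audit of a host you administer: each port in the range gets a TCP connection that sends no data and is closed at once, and the open ports are compared with an allowlist. This is an added example, not part of the original tutorial; the function names parse_range, probe and audit are hypothetical, and the demo only touches a constructed listener on 127.0.0.1.

```python
import socket

def parse_range(spec):
    """Turn 'start-end' (or a single port) into a range of port numbers."""
    first, _, last = spec.partition("-")
    lo, hi = int(first), int(last or first)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(lo, hi + 1)

def probe(host, port, timeout=0.5):
    """Zero-I/O check: complete the TCP handshake, send nothing, close."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable: not open
        return False

def audit(host, spec, expected):
    """Return (unexpected open ports, expected ports found closed)."""
    ports = parse_range(spec)
    open_ports = {p for p in ports if probe(host, p)}
    wanted = {p for p in expected if p in ports}
    return sorted(open_ports - wanted), sorted(wanted - open_ports)

if __name__ == "__main__":
    # Constructed sample: a throwaway listener on loopback stands in for a service.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0 = let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]
    spec = f"{port}-{port}"
    print("allowlist empty   ->", audit("127.0.0.1", spec, expected=[]))
    print("allowlist matches ->", audit("127.0.0.1", spec, expected=[port]))
    srv.close()
    print("service stopped   ->", audit("127.0.0.1", spec, expected=[port]))
```

A non-empty first list means something is listening that the allowlist does not account for; a non-empty second list means an expected service is down or filtered.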